mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-23 10:06:25 +01:00
Seatbelts for vm_page_bits() in case a file offset is passed in rather than
the page offset. If a large file offset was passed in, a large negative array index could be generated which could cause page faults etc at worst and file corruption at the least. (Pages are allocated within file space on page alignment boundaries, so a file offset being passed in here is harmless to DTRT. The case where this was happening has already been fixed though, this is in case it happens again). Reviewed by: dyson
This commit is contained in:
parent
b3a77ee548
commit
3c33646725
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=35612
@ -34,7 +34,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* from: @(#)vm_page.c 7.4 (Berkeley) 5/7/91
|
||||
* $Id: vm_page.c,v 1.97 1998/03/16 01:55:55 dyson Exp $
|
||||
* $Id: vm_page.c,v 1.98 1998/04/15 17:47:38 bde Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -1429,11 +1429,12 @@ vm_page_bits(int base, int size)
|
||||
return VM_PAGE_BITS_ALL;
|
||||
|
||||
size = (size + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
|
||||
base &= PAGE_MASK;
|
||||
if (size > PAGE_SIZE - base) {
|
||||
size = PAGE_SIZE - base;
|
||||
}
|
||||
|
||||
base = (base % PAGE_SIZE) / DEV_BSIZE;
|
||||
base = base / DEV_BSIZE;
|
||||
chunk = vm_page_dev_bsize_chunks[size / DEV_BSIZE];
|
||||
return (chunk << base) & VM_PAGE_BITS_ALL;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user